CDPH Cites 10 Hospitals For Patient Privacy Breaches

Many of The Incidents Date Back to 2010

The California Department of Public Health has recently disclosed 12 citations against 10 hospitals for breaches of confidential patient information. They are the first such disclosures of 2016.

            Numerous citations were for breaches that occurred as far back as 2010, and virtually all involved hospital employees accessing medical records for personal reasons. Some of the incidents had been previously disclosed by the hospitals.

            Although each breach of patient confidentiality carries a fine of as much as $25,000, the actual amount of fines are not disclosed with the report, as CDPH does with citations involving patient safety issues. The agency did not immediately release any fine data after a query from Payers & Providers.

            The citations included:

 

  • Cedars-Sinai Medical Center in Los Angeles was cited for a 2013 incident in which the records of 14 patients were inappropriately accessed by employees and a student researcher who worked at the hospital, all of whom were apparently given inappropriate access to the records system by local doctors. The hospital disclosed the incident in July 2013. All six employees were fired as a result of the breach.

 

  • Shasta Regional Medical Center in Redding received two citations, both for incidents that occurred in 2013. One was for an incident in which a monitor technician accessed the medical record of a friend, discovered they had been diagnosed with hepatitis during a 2011 hospital, and shared the information with a third party, warning that their bathroom should be wiped with bleach if the patient ever visited their home. The technician was fired. The other citation was related to a former housekeeping employee posting to Facebook photos of hospital operations. The photos included three medication bags that included patient names.

                                                                                                                             

  • Northridge Hospital Medical Center in Los Angeles also received two citations, both related to the same incident that occurred in August 2010, where an employee had their medical information accessed by a nurse and surgical technician shortly after they underwent a surgical procedure.

 

  • Antelope Valley Hospital in Lancaster was cited for a 2010 incident in which an employee looked up a patient's medical record and disclosed information regarding a surgical procedure to a friend of the patient.

 

  • Northern Inyo Hospital was cited for a 2014 incident in which an employee accessed the medical records of a patient with which he had had a prior romantic relationship. The hospital fired the employee.

 

  • St. Helena Hospital in Clearlake was cited for a 2010 incident where a clerical employee charged with destroying aging medical records took home at least one record for her personal use. The employee was fired.

 

  • Salinas Valley Memorial Hospital was cited for a 2013 incident in which a nurse disclosed a patient's diagnosis in front of his visitors during a dispute over prescribed medication. The nurse was disciplined.

 

  • Rady's Children Hospital was cited for a 2014 incident in which information pertaining to 14,000 patients was inadvertently disseminated as part of an email intended to screen candidates for a job at the hospital. Rady publicly disclosed the breach in 2014.

 

  • Santa Clara Valley Medical Center was cited for a 2013 incident in which an employee accessed an acquaintance's medical records and disseminated information regarding the patient. The breach was not discovered until 2014, when the patient complained. The employee was fired.

 

  • Watsonville Community Hospital was cited for a 2013 incident in which discharge plans were given to the wrong patient. The nurse responsible for the breach was counseled.

           

CDPH issued 32 breach citations in 2015 and 22 in 2014.

News Region: 
California